Problem with UniversalBrowserRead: "Permission denied to call method XMLHttpRequest.open"

C

Charlie

I am trying to make an XMLHttpRequest which violates the default "same-
origin"policy in Firefox. I checked the archives and found a method
that should work but it does not. Below is the test code I isolated. I
set signed.applets.codebase_principal_support true and seemed to get
the UniversalBrowserRead permission but then the open still failed
with the same old "Permission denied to call method
XMLHttpRequest.open" error. Can someone tell me what I did wrong?
Thanks, Charlie Crowley

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<!-- I added the line
user_pref("signed.applets.codebase_principal_support", true);
to my "Prefs.js" file and it shows up as true in "about:config" when
I check -->
<script>

netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
console.log("Got UniversalBrowserRead permission, about to call
req.open()");
var req = new XMLHttpRequest();
req.open("GET", "http://s3.amazonaws.com/", false);
console.log("req.open() did not fail");
</script>
</head>
<body></body>
</html>
 
C

Charlie

I looked into this further on the Firefox boards and found a solution.
As far as I know it only works on Firefox. You need to establish a
security policy that allows XMLHttpRequest.open to any site. This web
site is useful: http://kb.mozillazine.org/Security_Policies

The solution is to add these three lines to to the "user.js"
preferences file. Actually on my Mac it is called the "prefs.js". Here
are the lines to add:

user_pref("capability.policy.XMLHttpRequestToAnySite.XMLHttpRequest.open",
"allAccess");
user_pref("capability.policy.XMLHttpRequestToAnySite.sites", "http://
localhost");
user_pref("capability.policy.policynames", "XMLHttpRequestToAnySite");

This names a policy, XMLHttpRequestToAnySite, you can use any name
that doesn't conflict with another one already defined. You give the
list of sites where this policy applies. that is, sites where the HTML
file that loads the JavaScript that wants to do the XMLHttpRequest
comes from. And the allAccess means that you can open any web site.

The Firefox site gives information on editing the "user.js" (or
"prefs.js") files. See http://www.mozilla.org/support/firefox/edit.

--Charlie Crowley
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Permission denied to call method XMLHttpRequest.open 5
Permission denied to call method XMLHttpRequest.open 0
Permission denied to call method XMLHttpRequest.open 11
"Permission denied to call method XMLHttpRequest.open" error 0
Can't set UniversalBrowserRead 1
Need help , Having problem with Drag n Drop... 1
"Permission denied" for XMLHttpRequest in Firefox 1
Need help , Having problem with Drag n Drop ? 9

Members online

Total: 68 (members: 2, guests: 66)
Robots: 415

Forum statistics

Threads
473,768
Messages
2,569,575
Members
45,053
Latest member
billing-software

Latest Threads

Top